General

  • Target

    2025-05-15_72b0ab083a5365b77c915d60c0acb01f_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    6.1MB

  • MD5

    72b0ab083a5365b77c915d60c0acb01f

  • SHA1

    32171ba8b978ec6e70da34ecd5a9f034ed967512

  • SHA256

    7077ddac62ea1edf3085aa90c7b02d5f5f954dd5b80c9320d50f982c0f266434

  • SHA512

    572d274fe6aaeee3733bb7e5c4c41e6062ce0407404e2863e3b6219b000df27fb1ac61a9af4893318bb930d237e311896dc332fb1d1e5d9ad83ba57b43dfef84

  • SSDEEP

    98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vzn+FILk8hIQGIvo+JOeX3+fG:pWvSDzaxztQVzn+FILk+IQGIv9JOk+fG

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-15_72b0ab083a5365b77c915d60c0acb01f_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections